
parasites dug deep into my Registry and eventually overran my system with pop-ups, browser redirects and God-only-knows how many bots and backdoors. It was so bad that I could barely get any work done.

It's really hard to clean your system of this junk, but now that my long spyware nightmare is over, I'm glad it happened. Well, not glad exactly, but the experience was a real eye-opener.

Being infected by spyware reinforces the merits of defense-in-depth security at a system level. Getting rid of it, and preventing it from coming back, requires multiple tools and techniques at different layers. In the end, I discovered that maintaining a spyware-free box requires a combination of rigorous OS updating, strict browser policies over active code, automated scanning and good ol' fashioned elbow grease.

The first thing I did was perform a basic system checkup: I installed missing Windows Updates, emptied my TMP folder in Safe Mode, cleaned out my cookie cache, uninstalled rogue applications in Add/Remove Programs, checked my IE settings and ran a full AV scan of my hard disk. This process itself didn't get rid of much spyware, but it ensured I was starting from a solid baseline.

Next, I ran some specialized spyware-removal tools. Unfortunately, none of these completely cleansed my system. I tried a whole bunch of freeware and payware, including Spybot Search & Destroy, SpySubtract, CWShredder, SpyBouncer, Ad-Aware, Privacy Defender and AF Pop-Stopper. Most of these operate on a signature-matching model, like an AV scanner, and they catch different spyware strains. I tried running them in different sequences, which helped identify "leftover" malware, but some spyware got embedded so deeply into my Registry that none of the tools could remove it.

Ultimately, ridding your system of spyware requires you to roll up your sleeves and dig into the Registry itself, which is like playing with fire if you don't know what you're looking for. First, I backed up the Registry by exporting the file to another directory--that way, if I inadvertently deleted an essential application or system file, I could revert to the backup.

The most important tool in my antispyware arsenal turned out to be HijackThis, a powerful little program that shows you a list of suspect system settings. The danger with HijackThis is that it doesn't discriminate "good" from "bad." Most of these settings are easy to identify as "good" by the path name; Googling those that aren't recognizable quickly tells you if it's spyware. Alternately, several Web sites (e.g., www.spywarewarrior.com) host forums where you can post your HijackThis log. Volunteers will look it over and help you identify which keys and settings to remove, and which to leave alone.
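The two manual steps above, backing up the Registry before touching it and then reviewing the autostart and browser settings that HijackThis lists, can be scripted on a current Windows build. The following is an added example written for this page; it is not code from the column, from HijackThis, or from any of the tools named above. It assumes an elevated PowerShell session, uses only built-in commands (reg.exe, Get-ItemProperty, Get-AuthenticodeSignature), and the backup directory name is an arbitrary choice. It exports the HKCU and HKLM Software hives to .reg files, then prints the Run/RunOnce entries, Browser Helper Objects and IE start/search pages, tagging each referenced file as MISSING or with its Authenticode signature status so the unsigned or absent ones stand out for the kind of lookup the column describes.

```powershell
# Added example (not from the original column): Registry backup followed by a
# HijackThis-style inventory of common autostart and IE hijack points.
# Assumptions: elevated PowerShell on a current Windows build; backup directory
# name is arbitrary.

$BackupDir = Join-Path $env:USERPROFILE 'RegBackup'
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null

# Step 1: back up the hives we are about to inspect (same as File > Export in regedit).
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
reg.exe export 'HKCU\Software' (Join-Path $BackupDir "HKCU-Software-$stamp.reg") /y | Out-Null
reg.exe export 'HKLM\Software' (Join-Path $BackupDir "HKLM-Software-$stamp.reg") /y | Out-Null

function Get-ExePath([string]$cmd) {
    # Pull the executable out of a command line such as "C:\dir\app.exe" /arg or C:\dir\app.exe /arg
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Describe-File([string]$path) {
    # MISSING if the file is gone (a dead autorun entry), otherwise the Authenticode status
    # (Valid, NotSigned, HashMismatch, ...). Unsigned or missing entries deserve a closer look.
    $p = [Environment]::ExpandEnvironmentVariables($path)
    if ([string]::IsNullOrWhiteSpace($p) -or -not (Test-Path -LiteralPath $p)) { return 'MISSING' }
    return (Get-AuthenticodeSignature -FilePath $p).Status.ToString()
}

# Step 2: autostart entries spyware most often hooks.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
'== Run / RunOnce =='
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    # Skip the PS* properties PowerShell adds to every registry object.
    foreach ($name in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name) {
        $cmd = [string]$props.$name
        '{0,-12} {1,-30} {2}' -f (Describe-File (Get-ExePath $cmd)), $name, $cmd
    }
}

# Step 3: Browser Helper Objects. Each subkey is a CLSID; resolve it to the DLL it loads.
'== Browser Helper Objects =='
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $server) { [string](Get-ItemProperty $server).'(default)' } else { '' }
        '{0,-12} {1} {2}' -f (Describe-File $dll), $clsid, $dll
    }
}

# Step 4: IE home and search page hijacks.
'== Internet Explorer start and search pages =='
foreach ($k in 'HKCU:\Software\Microsoft\Internet Explorer\Main', 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main') {
    if (-not (Test-Path $k)) { continue }
    $m = Get-ItemProperty $k
    foreach ($v in 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL') {
        if ($m.$v) { '{0,-18} {1} = {2}' -f $v, $k, $m.$v }
    }
}
```

The script only reports; removal is deliberately left to the operator, since, as the column notes, a tool cannot tell "good" from "bad" by itself and an entry with a vendor path and a Valid signature is usually legitimate. Restoring a hive after a mistake is `reg.exe import <file>.reg` on the backup just written.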

My battle with spyware taught me that, as an industry, we've got a long way to go. Conventional AV is powerless against it, and dedicated spyware-removal tools are incomplete. In a broader sense, it's a fair bet that if your Windows-based client machines are running anything earlier than XP SP2, they're bound to be infected unless you rigorously enforce basic system security policies and processes. (For a good overview within a spyware context, see www.io.com/~cwagner/spyware.)

Never again will I be so blasé about spyware. Believe me when I say this: An ounce of prevention is worth a ton of cure, so get to work now before this becomes an epidemic in your shop.
